Le Touquet – Paris-Plage, France

Raynal F., Sogeti ESEC | Gaspard F., Telecom New Zealand International
Journal in Computer Virology | Year: 2010

Information warfare is nowadays a well-known concept. However, articles are mainly split into two categories. The first one deals with how information must be managed in a system (e.g. a company or a state) in order to achieve information dominance, that is, providing more and better information than the others so that they have to follow what is produced. The second one is more about how information can be used as a weapon. Dominance is one goal, but not the only one: deception, intoxication or misinformation are others. In this article, we chose the second approach. The goal when using information as a weapon is to influence a target so that it does what the attacker wants, or to cause effects. We also chose to focus on a specific battlefield: the Internet. One particularly important aspect of the Internet is that it is both a container and contents. For instance, web sites provide articles, but they are also servers, referenced by search engines. As such, we combined this duality to increase the effects of the operations given as examples. We illustrate the operation through examples where information is created and its container is also improved. We show how Search Engine Optimization can be used for information warfare. Combining oriented action techniques and information based techniques makes each of them much more efficient. This article shows how information warfare can be conducted on the Internet. The goal is to illustrate how very few people can organize an information based attack, targeting either a company or a state for instance. © 2008 Springer-Verlag France.

Raynal F., MISC | Delugre G., Sogeti ESEC | Aumaitre D., Sogeti ESEC
Journal in Computer Virology | Year: 2010

People have now come to understand the risks associated with MS Office documents: whether those risks are caused by macros or associated breaches. PDF documents on the contrary seem to be much more secure and reliable. This false sense of security mainly comes from the fact that these documents appear to be static. The widespread use of Acrobat Reader is most likely also accountable for this phenomenon to the detriment of software that modifies PDFs. As a consequence, PDF documents are perceived as images rather than active documents. And as everyone knows, images are not dangerous, so PDFs aren't either. In this article we present the PDF language and its security model, and then the market leader of PDF software, Acrobat Reader. Finally, we will show how this format can be used for malicious purposes. © 2009 Springer-Verlag France.

Bedrune J.-B., Sogeti ESEC | Filiol E., Laboratoire de Virologie et de Cryptologie Opérationnelles | Raynal F., Sogeti ESEC
Journal in Computer Virology | Year: 2010

This article deals with operational attacks led against cryptographic tools. The problem is approached from several points of view, the goal being always to retrieve a maximum amount of information without resorting to intensive cryptanalysis. Therefore, focus will be set on errors, deliberate or not, from the implementation or the use of such tools, to information leakage. First, straight attacks on encryption keys are examined. They are searched for in binary files, in memory, or in memory files (such as hibernation files). We also show how a bad initialization of a random generator sharply reduces key entropy, and how to negate this entropy by inserting backdoors. Then, we put ourselves in the place of an attacker confronted with cryptography. He must first detect that such algorithms are used. Solutions for this problem are presented, to analyze binary files as well as communication streams. Sometimes, an attacker can only access encrypted streams, without having the necessary tools to generate such a stream, and is unable to break the encryption used. In such situations, we notice that there often remain information leakages which appear to be clearly interesting. We show how classic methods used in network supervision, forensics and sociology while studying social networks bring pertinent information. We build, for example, sociograms able to reveal key elements of an organization, to determine the type of organization, etc. The final part puts in place the set of results obtained previously through the analysis of a closed network protocol. Packet format identification relies on the behavioural analysis of the program, once all the cryptographic elements have been identified. © 2009 Springer-Verlag France.
